Thursday, March 2, 2017

Snort++ Alpha 4 Available Now!

The fourth alpha release of Snort++ is now available on snort.org. If you haven't tried Snort++ yet, now is a good time to do so as this pig sports a superset of Snort 2.9.8.3 functionality:

Support for multiple packet processing threads

Improved throughput and latency performance

Improved detection

Modular design

Plugin framework with over 200 plugins

More scalable memory profile

A brand new HTTP inspector

Service rules like alert http

Rule "sticky" buffers

LuaJIT configuration, loggers, and rule options

Auto-detect common services for portless configuration

Rewritten TCP handling

New rule parser and syntax

New performance monitor

New time and space profiling

New latency monitoring and enforcement

Automake or CMake - your choice

Built-in help and generated reference documentation

The first beta release is expected around midyear at which point Talos will provide 3.0 rule downloads. In the meantime, you can use the snort2lua utility packaged with Snort++ to convert 2.X rules and confs.

There are lots of enhancements and new features planned for Snort++, some of which are already in development. As always, new downloads are posted to snort.org monthly. You can also get the latest updates from GitHub (snortadmin/snort3), which is updated weekly.

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.